From owner-freebsd-security Tue May 22 21:50:39 2001 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-9.dsl.lsan03.pacbell.net [63.207.60.9]) by hub.freebsd.org (Postfix) with ESMTP id 8B26037B422 for ; Tue, 22 May 2001 21:50:35 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id F0C6166BF7; Tue, 22 May 2001 21:50:34 -0700 (PDT) Date: Tue, 22 May 2001 21:50:34 -0700 From: Kris Kennaway To: "Sergey N. Voronkov" Cc: Kris Kennaway , freebsd-security@FreeBSD.ORG Subject: Re: Is there a ftp vuln in 4.3-STABLE Message-ID: <20010522215034.A36060@xor.obsecurity.org> References: <000501c0e316$7deb4450$45d8db40@mhx800> <20010522193952.A33978@xor.obsecurity.org> <20010523100448.A15088@sv.tech.sibitex.tmn.ru> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="sm4nu43k4a2Rpi4c" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010523100448.A15088@sv.tech.sibitex.tmn.ru>; from serg@tmn.ru on Wed, May 23, 2001 at 10:04:48AM +0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --sm4nu43k4a2Rpi4c Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, May 23, 2001 at 10:04:48AM +0600, Sergey N. Voronkov wrote: > On Tue, May 22, 2001 at 07:39:52PM -0700, Kris Kennaway wrote: > > On Tue, May 22, 2001 at 08:26:29PM -0400, Alex wrote: > > > Is this a FreeBSD specific FTP vulnerability? > > >=20 > > > -Alex > > >=20 > > > On Tue, 22 May 2001, Ryan wrote: > > >=20 > > > > There is an ftp vuln... I do not have any details on it sorry.. Som= e kinda > > > > overflow.. I would run proftpd > >=20 > > No-one has informed the security-officer about any new vulnerability > > in FreeBSD (or for that matter, about third party ftpd ports). It's > > probably worthwhile not flying into a panic until someone actually > > provides some corroborating evidence. > >=20 >=20 > When I'v found this staff in my logfiles I'v change native ftpd to luke's > one. Sorry, can't get core to you... And don't want to setup native daemon > to provide potential hole to someone. >=20 > May 16 15:50:34 ftp /kernel: pid 5272 (ftpd), uid 14: exited on signal 11 > May 17 21:02:20 ftp /kernel: pid 11157 (ftpd), uid 14: exited on signal 11 >=20 > Also I have one questtion: how to setup ftpd to allow it dumping core to > specified destination? Use the kern.corefile sysctl Kris --sm4nu43k4a2Rpi4c Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.5 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7C0GaWry0BWjoQKURAknjAJ9rCydNeVeCHMDHMOTcG7NJiFPwnwCgvlJn 0FYHr7vjFYu1ra7XLlzbLAM= =Bwza -----END PGP SIGNATURE----- --sm4nu43k4a2Rpi4c-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message